DOCSLIB.ORG

Principi E Strumenti Del Whistleblowing: Il Caso Globaleaks 11 March

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Principi E Strumenti Del Whistleblowing: Il Caso Globaleaks 11 March Principi e strumenti del whistleblowing: il caso GlobaLeaks 11 March 2015, Centro Nexa, Torino 73° Mercoledì di Nexa - Hermes Center for Transparency and Digital Human Rights https://globaleaks.org - http://logioshermes.org Hermes Center for Transparency and Digital Human Rights https://globaleaks.org Who’s using Whistleblowing and how Whistleblowing Whistleblowing + Technology = Citizens Power Digital Whistleblowing Paradigm change When “online” psychological barrier reduce Digital Security and Privacy Challenges for Whistleblowing Digital Whistleblowing works only with strong privacy But online reporting actions could leave online Especially due to corporate & government surveillance INTERCEPTION TRACING • Email • Email • Web Browsing • Web Browsing • Phone Calls • Location tracking • Location tracking • Proxy Logs • Metadata Unknown or Inappropriate Data Retention Policies Surveillance kills trust Distrust kills whistleblowing Restore trust and confidence by the whistleblowers Digital Security Digital Anonymity Data Encryption Anonimity vs. Confidentiality • Anonimity and Confidentiality – Confidentiality: I know who you are, but i am not going to tell to anyone – Anonymity: I don’t know who you are and i’ve no way to find it out • Analog vs. Digital Anonimity – Analog: I don’t tell you who i am – Digital: I don’t tell you who i am and where is my computer (IP address) • Anonimity Technology: Tor – Used everyday by +500.000 persons – +5000 volounteers – Co-financed by US Government • Improving Whistleblower’s trust by giving real, verifiable security guarantees • The choice of privacy level have to stay in the Whistleblower’s hands GlobaLeaks Security • Digital Anonymity – Submission via Tor or Tor2web/HTTPS • Data Encryption – Files encrypted with PGP • Data Retention – Submissions are deleted every 2 weeks, keep server clean • Secure system – 4 professional security review (isecpartners, cure53, leastauthority, Veracode) • Whistleblower Awareness – PrivacyBadge – Forced disclaimers – Awareness messages Digital Whistleblowing Tactics for Social Change Who’s using Digital Whistleblowing and how? Whistleblowing 2.0 •Technology enabled new way to make “Whistleblowing” • Website of Civil society Activists (WikiLeaks, WildLeaks, Pistaljka, FiltraLa, BalkanLeaks, etc) •Media (Forbes, The Guardian, Washington Post, Aljazeera TU, WSJ SafeHouse, etc) •Investigative Journalism Groups (MagyarLeaks, IRPILeaks, ExpoLeaks, etc) •Website taking action on petty corruption such as iPaidaBribe (India,Nepal,Pakistan,Gujana,Hungary) •Website of national anticorruption authorities & TI’s ALAC (Austria, Kenia, TI-it, etc) •Web portal for whistleblowing procedures of corporations and public agencies •To get more in depth : http://leakdirectory.org Investigative Journalist Digital Dropbox • Investigative Journalist Groups acting on Topics of Public Interests • Journalistic investigation and fact-checking done in-house • Publishing of scoops and articles https://irpi.eu/irpileaks/ http://atlatszo.hu/magyarleaks http://www.perun.rs / Coordinate release/ across multiple media Select Category Fact Checking Media Publishing Send Tip Investigative Journalism Pistaljka: Anti Corruption Activism http://pistaljka.rs Initiative supported by: / Structured workflow of operation for Serbian wholesale anticorruption initiative Authorities Send Tip Issue FOIA Serbian Gov Media LJOST: Government Transparency Activism Iceland Government Transparency Activism http://www.ljost.is Recent Achievements: • 30 December 2013: Release of Iceland Banking Collapse raw data • 31 December 2013: Ministry of Finance found to be key stakeholder in saved banks May lead Crowdsourcing Validation Raw Data to Send Tip Publishing Publishing of Factchecking Multi Stakeholders Digital Whistleblowing PubLeaks Foundation • Consortium by all media partners 42 media partners • Manage the IT infrastructure • National Media • Can’t access to Leaks • Printed Journal • Provide technical support • Online Media • Provide “Secure” Laptop • TV • Local Media Achieved amazing result in few months • Abuse of power by politicians • Abuse of public funds https://publeaks.nl • Already got attempt of Takedown https://secure.publeaks.nl Exclusivity IF only 1 media Publishing on media Select Media Fact Platform Checking (web, Send Tip printed, Max 3 in parallel out of 42 tv) IF multiple media receive the leaks • Embargo Period • Cooperation Rules MUST write that source come from publeaks Key Points: • Stimulate cooperation • Stimulate competition • Whistleblower select receipient based on the media’s reputation MafiaLeaks: Activism against Organized Crime http://www.mafialeaks.or g Mafia Whistleblowers Authorities Victim of Mafia MAFIA Antimafia Journos LEAKS “I know something” AntiaMafia NGO WildLeaks: WildLife Crime Activism Multi Stakeholder Initiative by: Elephant Action League (US) Environmental Investigation Agency (UK) Oxpeckers Center (South Africa) EcoJust (NL) Global Eye (Africa and Southeast Asia) https://wildleaks.org/ Multi Stakeholder organization taking action in collaborative way on Wild Life Crime Authorities Send Tip Collaborative Other NGOs Investigation Action Local Communities Media InfoDio: Anti Corruption Blogging http://infodio.com Venezuela bi-linguistic / Censored in Venezuela by Movistar on 17/01/2014 Exposing Corruption in Venezuela trough Investigative Journalism & Blogging based on Leaks Send Tip Investigation Direct Publishing on Infodio Blog Publishing Salzburg PiratenPartei: Political Activism Report by citizens on malpractices/doubt act by Salzburg Municipality & Controlled companies - Political Campaigning Send Tip Verification Take - Municipality Questioning action - Policy Advocacy for corrective actions http://salzburger- piratenpartei.at/?p=1168 ALAC: Transparency International Italy https://www.transparency.it/alac ● Started in Nov 2014 ● 40 good tip Feb 2015 ● Strict questionaries focusing on information quality ● Try to address Whistleblower inquiry trough the right channel ● Roadmap for improvement Experimental / Practical handling of anticorruption Tip, considering whistleblower safety Anticorruption Officer Deal with Send Tip ANAC Whistleblower Action Authorities Media https://www.expoleaks.it by IRPI - Investigative Reporting Project Italy & Wired Italy MANY OTHERS What are your Whistleblowing social schema and ideas? OK: What’s about Italy? ➔Cosa succede in italia? WB: Reputazione e Terminologia http://blog.terminologiaetc.it/2013/06/12/significato-traduzione-whistleblower/ Whistleblowing & Law • Whistleblowing = Anticorruzione 190/2012 • Criticità: – Disincentivo a segnalare (se a conoscenza) – Disincentivo a parlare (se coinvolti) – Disincentiva i responsabili anticorruzione Whistleblowing & ANAC • Ricevono segnalazioni tramite [email protected] – Imbarazzante.... • Nuove procedure improntate sulla compliance normativa, non sull’efficacia...! Dice il saggio: "per il momento l'autorità italiana anticorruzione non sembra tenere in considerazione il whistleblowing come strumento di contrasto alla corruzione" Whistleblowing & Tecnologia • Molte Pubbliche Amministrazioni stanno implementando soluzioni tecnologiche “in-house” (spesso molto, molto, discutibili) • Improvvisati esperti di sicurezza soddisfano esigenze di “compliance” • Manca governance delle tecnologie anticorruzione Principi e strumenti del whistleblowing: il caso GlobaLeaks 11 March 2015, Centro Nexa, Torino 73° Mercoledì di Nexa - Hermes Center for Transparency and Digital Human Rights https://globaleaks.org - http://logioshermes.org FINE :-) Le slide che seguono sono eventualmente utili x la discussione How to setup a Whistleblowing initiative? ➔Practical brainstorming ➔Let’s plan your whistleblowing initiative! What do you want to achieve? Define your whistleblowing project goals (aligned with your social goals) The “leaks” • Which information are you looking for? • How do you qualify the information received? • What do you realistically expect to receive? The “Whistleblowers” • Who are the sources/whistleblowers that are likely to send you information? • Which are the motivations driving a source/whistleblower to send you an information? • Which languages are spoken by Whistleblowers? What do you do with the leaks? • What are you going to do with information received? • How you are going to verify/fact-check them? • Who are the persons involved in handling the leaks? • Did you clearly, publicly documented your data management & editorial policy? Assess your organizational capacity • How do you organize yourself? • Do you have all the relevant skills and effort available to run the project? Legal Framework • Did you assess your legal risks in soliciting whistleblowers and taking actions on received information? • Which are legal liabilities of different stakeholders (Whistleblowers, Receivers, Maintainer)? • Are you operating as informal individual group or as a legal entity? Who’s liable for that? Communication & Campaigning • Leaks are not coming alone, you need to solicit them! • What’s your media strategy? • How you are going to campaign for that? • How you will manage critics coming to you? • Do you have partners to work with? • Are you going to “surf the news” with targeted-campaign? Operational Security • Who is interested in acquiring the “leaks”? Which are their capabilities? • How do you protect the information you receive? • How do you protect the communication among the people taking actions on the leaks? Whistleblower Security • Do you understand the risks that
Load more

Recommended publications
  • UC Santa Barbara UC Santa Barbara Electronic Theses and Dissertations
    UC Santa Barbara UC Santa Barbara Electronic Theses and Dissertations Title A Web of Extended Metaphors in the Guerilla Open Access Manifesto of Aaron Swartz Permalink https://escholarship.org/uc/item/6w76f8x7 Author Swift, Kathy Publication Date 2017 Peer reviewed|Thesis/dissertation eScholarship.org Powered by the California Digital Library University of California UNIVERSITY OF CALIFORNIA Santa Barbara A Web of Extended Metaphors in the Guerilla Open Access Manifesto of Aaron Swartz A dissertation submitted in partial satisfaction of the requirements for the degree Doctor of Philosophy in Education by Kathleen Anne Swift Committee in charge: Professor Richard Duran, Chair Professor Diana Arya Professor William Robinson September 2017 The dissertation of Kathleen Anne Swift is approved. ................................................................................................................................ Diana Arya ................................................................................................................................ William Robinson ................................................................................................................................ Richard Duran, Committee Chair June 2017 A Web of Extended Metaphors in the Guerilla Open Access Manifesto of Aaron Swartz Copyright © 2017 by Kathleen Anne Swift iii ACKNOWLEDGEMENTS I would like to thank the members of my committee for their advice and patience as I worked on gathering and analyzing the copious amounts of research necessary to
    [Show full text]
  • Applications Log Viewer
    4/1/2017 Sophos Applications Log Viewer MONITOR & ANALYZE Control Center Application List Application Filter Traffic Shaping Default Current Activities Reports Diagnostics Name * Mike App Filter PROTECT Description Based on Block filter avoidance apps Firewall Intrusion Prevention Web Enable Micro App Discovery Applications Wireless Email Web Server Advanced Threat CONFIGURE Application Application Filter Criteria Schedule Action VPN Network Category = Infrastructure, Netw... Routing Risk = 1-Very Low, 2- FTPS-Data, FTP-DataTransfer, FTP-Control, FTP Delete Request, FTP Upload Request, FTP Base, Low, 4... All the Allow Authentication FTPS, FTP Download Request Characteristics = Prone Time to misuse, Tra... System Services Technology = Client Server, Netwo... SYSTEM Profiles Category = File Transfer, Hosts and Services Confe... Risk = 3-Medium Administration All the TeamViewer Conferencing, TeamViewer FileTransfer Characteristics = Time Allow Excessive Bandwidth,... Backup & Firmware Technology = Client Server Certificates Save Cancel https://192.168.110.3:4444/webconsole/webpages/index.jsp#71826 1/4 4/1/2017 Sophos Application Application Filter Criteria Schedule Action Applications Log Viewer Facebook Applications, Docstoc Website, Facebook Plugin, MySpace Website, MySpace.cn Website, Twitter Website, Facebook Website, Bebo Website, Classmates Website, LinkedIN Compose Webmail, Digg Web Login, Flickr Website, Flickr Web Upload, Friendfeed Web Login, MONITOR & ANALYZE Hootsuite Web Login, Friendster Web Login, Hi5 Website, Facebook Video
    [Show full text]
  • Introduction Points
    Introduction Points Ahmia.fi - Clearnet search engine for Tor Hidden Services (allows you to add new sites to its database) TORLINKS Directory for .onion sites, moderated. Core.onion - Simple onion bootstrapping Deepsearch - Another search engine. DuckDuckGo - A Hidden Service that searches the clearnet. TORCH - Tor Search Engine. Claims to index around 1.1 Million pages. Welcome, We've been expecting you! - Links to basic encryption guides. Onion Mail - SMTP/IMAP/POP3. ***@onionmail.in address. URSSMail - Anonymous and, most important, SECURE! Located in 3 different servers from across the globe. Hidden Wiki Mirror - Good mirror of the Hidden Wiki, in the case of downtime. Where's pedophilia? I WANT IT! Keep calm and see this. Enter at your own risk. Site with gore content is well below. Discover it! Financial Services Currencies, banks, money markets, clearing houses, exchangers. The Green Machine Forum type marketplace for CCs, Paypals, etc.... Some very good vendors here!!!! Paypal-Coins - Buy a paypal account and receive the balance in your bitcoin wallet. Acrimonious2 - Oldest escrowprovider in onionland. BitBond - 5% return per week on Bitcoin Bonds. OnionBC Anonymous Bitcoin eWallet, mixing service and Escrow system. Nice site with many features. The PaypalDome Live Paypal accounts with good balances - buy some, and fix your financial situation for awhile. EasyCoin - Bitcoin Wallet with free Bitcoin Mixer. WeBuyBitcoins - Sell your Bitcoins for Cash (USD), ACH, WU/MG, LR, PayPal and more. Cheap Euros - 20€ Counterfeit bills. Unbeatable prices!! OnionWallet - Anonymous Bitcoin Wallet and Bitcoin Laundry. BestPal BestPal is your Best Pal, if you need money fast. Sells stolen PP accounts.
    [Show full text]
  • An Investigative Study of Cryptocurrency Abuses in the Dark Web
    Cybercriminal Minds: An investigative study of cryptocurrency abuses in the Dark Web Seunghyeon Leeyz Changhoon Yoonz Heedo Kangy Yeonkeun Kimy Yongdae Kimy Dongsu Hany Sooel Sony Seungwon Shinyz yKAIST zS2W LAB Inc. {seunghyeon, kangheedo, yeonk, yongdaek, dhan.ee, sl.son, claude}@kaist.ac.kr {cy}@s2wlab.com Abstract—The Dark Web is notorious for being a major known as one of the major drug trading sites [13], [22], and distribution channel of harmful content as well as unlawful goods. WannaCry malware, one of the most notorious ransomware, Perpetrators have also used cryptocurrencies to conduct illicit has actively used the Dark Web to operate C&C servers [50]. financial transactions while hiding their identities. The limited Cryptocurrency also presents a similar situation. Apart from coverage and outdated data of the Dark Web in previous studies a centralized server, cryptocurrencies (e.g., Bitcoin [58] and motivated us to conduct an in-depth investigative study to under- Ethereum [72]) enable people to conduct peer-to-peer trades stand how perpetrators abuse cryptocurrencies in the Dark Web. We designed and implemented MFScope, a new framework which without central authorities, and thus it is hard to identify collects Dark Web data, extracts cryptocurrency information, and trading peers. analyzes their usage characteristics on the Dark Web. Specifically, Similar to the case of the Dark Web, cryptocurrencies MFScope collected more than 27 million dark webpages and also provide benefits to our society in that they can redesign extracted around 10 million unique cryptocurrency addresses for Bitcoin, Ethereum, and Monero. It then classified their usages to financial trading mechanisms and thus motivate new business identify trades of illicit goods and traced cryptocurrency money models, but are also adopted in financial crimes (e.g., money flows, to reveal black money operations on the Dark Web.
    [Show full text]
  • Torward: DISCOVERY, BLOCKING, and TRACEBACK of MALICIOUS TRAFFIC OVER Tor 2517
    IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 10, NO. 12, DECEMBER 2015 2515 TorWard: Discovery, Blocking, and Traceback of Malicious Traffic Over Tor Zhen Ling, Junzhou Luo, Member, IEEE,KuiWu,Senior Member, IEEE, Wei Yu, and Xinwen Fu Abstract— Tor is a popular low-latency anonymous communi- I. INTRODUCTION cation system. It is, however, currently abused in various ways. OR IS a popular overlay network that provides Tor exit routers are frequently troubled by administrative and legal complaints. To gain an insight into such abuse, we designed Tanonymous communication over the Internet for and implemented a novel system, TorWard, for the discovery and TCP applications and helps fight against various Internet the systematic study of malicious traffic over Tor. The system censorship [1]. It serves hundreds of thousands of users and can avoid legal and administrative complaints, and allows the carries terabyte of traffic daily. Unfortunately, Tor has been investigation to be performed in a sensitive environment such abused in various ways. Copyrighted materials are shared as a university campus. An intrusion detection system (IDS) is used to discover and classify malicious traffic. We performed through Tor. The black markets (e.g., Silk Road [2], an comprehensive analysis and extensive real-world experiments to online market selling goods such as pornography, narcotics validate the feasibility and the effectiveness of TorWard. Our or weapons1) can be deployed through Tor hidden service. results show that around 10% Tor traffic can trigger IDS alerts. Attackers also run botnet Command and Control (C&C) Malicious traffic includes P2P traffic, malware traffic (e.g., botnet servers and send spam over Tor.
    [Show full text]
  • Uva-DARE (Digital Academic Repository)
    UvA-DARE (Digital Academic Repository) Surveillance as public matter Revisiting sousveillance through devices and leaks van der Velden, L.C. Publication date 2018 Document Version Final published version License Other Link to publication Citation for published version (APA): van der Velden, L. C. (2018). Surveillance as public matter: Revisiting sousveillance through devices and leaks. General rights It is not permitted to download or to forward/distribute the text or part of it without the consent of the author(s) and/or copyright holder(s), other than for strictly personal, individual use, unless the work is under an open content license (like Creative Commons). Disclaimer/Complaints regulations If you believe that digital publication of certain material infringes any of your rights or (privacy) interests, please let the Library know, stating your reasons. In case of a legitimate complaint, the Library will make the material inaccessible and/or remove it from the website. Please Ask the Library: https://uba.uva.nl/en/contact, or a letter to: Library of the University of Amsterdam, Secretariat, Singel 425, 1012 WP Amsterdam, The Netherlands. You will be contacted as soon as possible. UvA-DARE is a service provided by the library of the University of Amsterdam (https://dare.uva.nl) Download date:27 Sep 2021 Surveillance as Public Matter Revisiting surveillance through devices and leaks metadata trackers network interferences network interferences trackers, files Lonneke van der Velden social media profiles files files files Surveillance as public matter Revisiting sousveillance through devices and leaks ACADEMISCH PROEFSCHRIFT ter verkrijging van de graad van doctor aan de Universiteit van Amsterdam op gezag van de Rector Magnificus prof.
    [Show full text]
  • Mitigating the Risks of Whistleblowing an Approach Using Distributed System Technologies
    Mitigating the Risks of Whistleblowing An Approach Using Distributed System Technologies Ali Habbabeh1, Petra Maria Asprion1, and Bettina Schneider1 1 University of Applied Sciences Northwestern Switzerland, Basel, Switzerland [email protected] [email protected] [email protected] Abstract. Whistleblowing is an effective tool to fight corruption and expose wrongdoing in governments and corporations. Insiders who are willing to report misconduct, called whistleblowers, often seek to reach a recipient who can dis- seminate the relevant information to the public. However, whistleblowers often face many challenges to protect themselves from retaliation when using the ex- isting (centralized) whistleblowing platforms. This study discusses several asso- ciated risks of whistleblowing when communicating with third parties using web- forms of newspapers, trusted organizations like WikiLeaks, or whistleblowing software like GlobaLeaks or SecureDrop. Then, this study proposes an outlook to a solution using decentralized systems to mitigate these risks using Block- chain, Smart Contracts, Distributed File Synchronization and Sharing (DFSS), and Distributed Domain Name Systems (DDNS). Keywords: Whistleblowing, Blockchain, Smart Contracts 1 Introduction By all indications, the topic of whistleblowing has been gaining extensive media atten- tion since the financial crisis in 2008, which ignited a crackdown on the corruption of institutions [1]. However, some whistleblowers have also become discouraged by the negative association with the term [2], although numerous studies show that whistle- blowers have often revealed misconduct of public interest [3]. Therefore, researchers like [3] argue that we - the community of citizens - must protect whistleblowers. Addi- tionally, some researchers, such as [1], claim that, although not perfect, we should re- ward whistleblowers financially to incentivize them to speak out to fight corruption [1].
    [Show full text]
  • Help I Am an Investigative Journalist in 2017
    Help! I am an Investigative Journalist in 2017 Whistleblowers Australia Annual Conference 2016-11-20 About me • Information security professional Gabor Szathmari • Privacy, free speech and open gov’t advocate @gszathmari • CryptoParty organiser • CryptoAUSTRALIA founder (coming soon) Agenda Investigative journalism: • Why should we care? • Threats and abuses • Surveillance techniques • What can the reporters do? Why should we care about investigative journalism? Investigative journalism • Cornerstone of democracy • Social control over gov’t and private sector • When the formal channels fail to address the problem • Relies on information sources Manning Snowden Tyler Shultz Paul Stevenson Benjamin Koh Threats and abuses against investigative journalism Threats • Lack of data (opaque gov’t) • Journalists are imprisoned for doing their jobs • Sources are afraid to speak out Journalists’ Privilege • Evidence Amendment (Journalists’ Privilege) Act 2011 • Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 Recent Abuses • The Guardian: Federal police admit seeking access to reporter's metadata without warrant ! • The Intercept: Secret Rules Makes it Pretty Easy for the FBI to Spy on Journalists " • CBC News: La Presse columnist says he was put under police surveillance as part of 'attempt to intimidate’ # Surveillance techniques Brief History of Interception First cases: • Postal Service - Black Chambers 1700s • Telegraph - American Civil War 1860s • Telephone - 1890s • Short wave radio -1940s / 50s • Satellite (international calls) - ECHELON 1970s Recent Programs (2000s - ) • Text messages, mobile phone - DISHFIRE, DCSNET, Stingray • Internet - Carnivore, NarusInsight, Tempora • Services (e.g. Google, Yahoo) - PRISM, MUSCULAR • Metadata: MYSTIC, ADVISE, FAIRVIEW, STORMBREW • Data visualisation: XKEYSCORE, BOUNDLESSINFORMANT • End user device exploitation: HAVOK, FOXACID So how I can defend myself? Data Protection 101 •Encrypt sensitive data* in transit •Encrypt sensitive data* at rest * Documents, text messages, voice calls etc.
    [Show full text]
  • Monitoring the Dark Web and Securing Onion Services
    City University of New York (CUNY) CUNY Academic Works Publications and Research Queensborough Community College 2017 Monitoring the Dark Web and Securing Onion Services John Schriner CUNY Queensborough Community College How does access to this work benefit ou?y Let us know! More information about this work at: https://academicworks.cuny.edu/qb_pubs/41 Discover additional works at: https://academicworks.cuny.edu This work is made publicly available by the City University of New York (CUNY). Contact: [email protected] Monitoring the Dark Web Schriner 1 John Schriner Monitoring the Dark Web Contrary to what one may expect to read with a title like Monitoring the Dark Web, this paper will focus less on how law enforcement works to monitor hidden web sites and services and focus more on how academics and researchers monitor this realm. The paper is divided into three parts: Part One discusses Tor research and how onion services work; Part Two discusses tools that researchers use to monitor the dark web; Part Three tackles the technological, ethical, and social interests at play in securing the dark web. Part One: Tor is Research-Driven Tor (an acronym for 'the onion router' now stylized simply 'Tor') is an anonymity network in which a user of the Tor Browser connects to a website via three hops: a guard node, a middle relay, and an exit node. The connection is encrypted with three layers, stripping a layer at each hop towards its destination server. No single node has the full picture of the connection along the circuit: the guard knows only your IP but not where the destination is; the middle node knows the guard and the exit node; the exit node knows only the middle node and the final destination.
    [Show full text]
  • Technical and Legal Overview of the Tor Anonymity Network
    Emin Çalışkan, Tomáš Minárik, Anna-Maria Osula Technical and Legal Overview of the Tor Anonymity Network Tallinn 2015 This publication is a product of the NATO Cooperative Cyber Defence Centre of Excellence (the Centre). It does not necessarily reflect the policy or the opinion of the Centre or NATO. The Centre may not be held responsible for any loss or harm arising from the use of information contained in this publication and is not responsible for the content of the external sources, including external websites referenced in this publication. Digital or hard copies of this publication may be produced for internal use within NATO and for personal or educational use when for non- profit and non-commercial purpose, provided that copies bear a full citation. www.ccdcoe.org [email protected] 1 Technical and Legal Overview of the Tor Anonymity Network 1. Introduction .................................................................................................................................... 3 2. Tor and Internet Filtering Circumvention ....................................................................................... 4 2.1. Technical Methods .................................................................................................................. 4 2.1.1. Proxy ................................................................................................................................ 4 2.1.2. Tunnelling/Virtual Private Networks ............................................................................... 5
    [Show full text]
  • The Tor Dark Net
    PAPER SERIES: NO. 20 — SEPTEMBER 2015 The Tor Dark Net Gareth Owen and Nick Savage THE TOR DARK NET Gareth Owen and Nick Savage Copyright © 2015 by Gareth Owen and Nick Savage Published by the Centre for International Governance Innovation and the Royal Institute of International Affairs. The opinions expressed in this publication are those of the authors and do not necessarily reflect the views of the Centre for International Governance Innovation or its Board of Directors. This work is licensed under a Creative Commons Attribution — Non-commercial — No Derivatives License. To view this license, visit (www.creativecommons.org/licenses/by-nc- nd/3.0/). For re-use or distribution, please include this copyright notice. 67 Erb Street West 10 St James’s Square Waterloo, Ontario N2L 6C2 London, England SW1Y 4LE Canada United Kingdom tel +1 519 885 2444 fax +1 519 885 5450 tel +44 (0)20 7957 5700 fax +44 (0)20 7957 5710 www.cigionline.org www.chathamhouse.org TABLE OF CONTENTS vi About the Global Commission on Internet Governance vi About the Authors 1 Executive Summary 1 Introduction 2 Hidden Services 2 Related Work 3 Study of HSes 4 Content and Popularity Analysis 7 Deanonymization of Tor Users and HSes 8 Blocking of Tor 8 HS Blocking 9 Conclusion 9 Works Cited 12 About CIGI 12 About Chatham House 12 CIGI Masthead GLOBAL COMMISSION ON INTERNET GOVERNANCE PAPER SERIES: NO. 20 — SEPTEMBER 2015 ABOUT THE GLOBAL ABOUT THE AUTHORS COMMISSION ON INTERNET Gareth Owen is a senior lecturer in the School of GOVERNANCE Computing at the University of Portsmouth.
    [Show full text]
  • Deepweb and Cybercrime It’S Not All About TOR
    A Trend Micro Research Paper Deepweb and Cybercrime It’s Not All About TOR Vincenzo Ciancaglini, Marco Balduzzi, Max Goncharov, and Robert McArdle Forward-Looking Threat Research Team Trend Micro | Deepweb and Cybercrime Contents Abstract ..................................................................................................................................................3 Introduction ...........................................................................................................................................3 Overview of Existing Deepweb Networks ......................................................................................5 TOR ............................................................................................................................................5 I2P ...............................................................................................................................................6 Freenet .......................................................................................................................................7 Alternative Domain Roots ......................................................................................................7 Cybercrime in the TOR Network .......................................................................................................9 TOR Marketplace Overview ..................................................................................................9 TOR Private Offerings ..........................................................................................................14
    [Show full text]